Skip to main content
Skip table of contents

Deployments & Integrations

Deployment Methods

HYAS Agent

The HYAS Agent is available for installation on Windows, macOS, iOS, and Android platforms.

Deploy the HYAS Protect Agent

Click here to deploy the HYAS Protect Agent

Adopt When

  • Relying on corporate DNS servers for corporate machines is not possible.

Avoid When

  • Agents cannot be deployed on your corporate systems.

Please see our HYAS Agent Documentation for additional details on deployment steps.

Resolver

HYAS Protect functions as an external DNS resolver, applying security while resolving domain names.

Deploy via HYAS Protect Resolver

Click here to deploy via the HYAS Protect Resolver

Adopt When

  • Many corporate systems use internal DNS servers that can be pointed to the HYAS resolver.

  • Linux, and all other IoT used, since agents may not be feasible.

Avoid When

  • There are a large swathe of work-from-home employees that do not use a VPN.

  • The systems that need protection do not use a DNS server under your corporate control.

  • A need to view internal IPs or device names of machines originating the DNS requires are required.

In this situation, please see our other two options: the HYAS Agent, or Microsoft Defender for Endpoint below

Microsoft Defender for Endpoint (MDE)

The HYAS Protect deployment option via Microsoft Defender for Endpoint improves enterprise security by analyzing Defender for Endpoint sensor data to detect communication with malicious URLs/domains and enabling those domains to be blocked.

Deploy via MDE

Click here to deploy via MDE

Adopt When

  • An existing MDE environment is present

  • Plans to deploy MDE in your environment is planned in the near-term

Avoid When

  • MDE is not already used in the environment

SentinelOne

This integration is designed to provide enhanced security by seamlessly combining the capabilities of HYAS Protect and SentinelOne to identify and mitigate DNS-based attacks.

By utilizing SentinelOne alongside HYAS Protect, clients reduce the burden of managing multiple agents and are able to increase the efficacy of threat detection and mitigation.

The HYAS/SentinelOne integration consists of two parts:

  • HYAS captures streaming DNS telemetry from SentinelOne clients via Cloud Funnel, analyzes, and scores the risk all DNS queries through HYAS Protect

  • Optionally, HYAS can programmatically update the SentinelOne Firewall policies to block traffic to domains we deem malicious based on the resulting verdict

Deploy via SentinelOne

Click here to deploy via SentinelOne

Adopt When

  • An existing SentinelOne environment is present

  • Plans to deploy SentinelOne in your environment is planned in the near-term

  • You have or plan to obtain a CloudFunnel subscription

Avoid When

  • SentinelOne and CloudFunnel are not already used in the environment

Relay

The HYAS Protect Relay is a network-installed service that enhances resolver-based deployments by providing visibility into internal network details. It captures DNS telemetry, relaying it back to HYAS Protect to improve monitoring, logging, and policy enforcement.

Deploy via Relay

Click here to deploy via the HYAS Protect Relay

Adopt When

  • You need visibility into internal device names and IP addresses for more detailed analysis.

  • You want granular policy enforcement at the IP or subnet level.

  • Improved logging and detailed DNS data are priorities for your security needs.

  • Compatibility across macOS, Windows, and Linux is essential.

Avoid When

  • Your deployment does not require internal device detail, and external IP visibility is sufficient.

  • Policy enforcement at a general network level is adequate, without the need for granular IP-based control.

  • You are not looking for additional logging capabilities or cross-platform support.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close